Know Your Customers, Employeers, Partners and Contractor

Agenda
How can open source intelligence (OSINT) solutions help manage compliance risks
Available IT solutions to support the intelligence effort
The role of external content for effective intelligence and risk analysis
The role of processes and people

Definitions Information: Inform itself comes (via French) from the Latin verb informare, give form , form an idea of. It is an understood message and / or a sensory input, an influence, or a record (if it has a business value) Content: in media production and publishing, content is information and experiences that may provide value for an end-user / audience in specific contexts. Content may be delivered via any medium such as the internet, television, and audio CDs, as well as live events such as conferences and stage performances Technology: is a broad concept that deals with an animal species ' usage and knowledge of tools and crafts , and how it affects an animal species' ability control and adapt its environment . Technology is a term with origins in the Greek "technologia", "τεχνολογία" — "techne", "τέχνη" ("craft") and "logia", "λογία" ("saying").However, a strict definition is elusive; "technology" can refer material objects of use humanity, such as machines , hardware or utensils , but can also encompass broader themes, including systems , methods of organization , and techniques Intelligence (abbreviated int. or intel.) is not information , but the product of evaluated information, valued for its currency and relevance rather than its detail or accuracy —in contrast with " data " which typically refers precise or particular information, or " fact ," which typically refers verified information. Open Source Intelligence (OSINT) is form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence . In the Intelligence Community (IC), the term "open" refers to overt, publicly available sources (as opposed to covert or classified sources); it is not related to open-source software .

Security Threats and Compliance Risks Compliance and Security Threats Corruption Financial fraud Embezzelment Vandalism Social and political instability Theft Sabotage Cyber crime Industrial espionage Terrorism acts Extortion Robbery Corporate Risks Legal Financial Reputational

Proliferation of risk factors
The complexity of day‘s world requires a virtually unlimited access relevant information for decision making
Criminal action Criminal Information Operation
infringe regulary or antitrust constraints,
promote corruption and embezzlement,
participate in fraud machinations,
be involved in money laundering schemes,
breach international embargoes or national sanctions,
assist in the proliferation of strategic goods and WMD,
enable terrorist financing,
cause serious environmental or health damages,
being a implicated in organized crime,
be involved in activities heavily violating human rights
infringe regulary or antitrust constraints,
promote corruption and embezzlement,
participate in fraud machinations,
construct money laundering schemes,
breach international embargoes or national sanctions,
facilitate proliferation of strategic goods and WMD,
enable terrorist financing,
disguise environmental or health damages,
facilitate organized crime,
disguise activities heavily violating human rights

Organisational complexity: Who is involved Human Resources Hiring Legal Risk Competition CI Product CSR CI Marketing Group Risk Public Affairs corp comms Marketing Operations Legal Compliance Operations Legal Manufacturing PR XXXXXXX

Information surrounding corporates

A new information paradigm

How can open source intelligence (OSINT) solutions help manage compliance risks

Information requirement other sources/methods/disciplins OSIF TECHINT MASINT IMINT SIGINT HUMINT Printmeda „ Internet“ TV-/Radio Blogs Video-blogs Wickis Plattforms of NGO Publicly available sources Private Information Provider Requirement of information

OSINT information requirement Commercial Online Books & Journals Conferences & Dissertations Maps & Commercial Imagery Internet Telephone Surveys Gray Literature Complex Human & IT Services OSINT Universe

The risk of corporate „autism“ Auto-referential High risk exposure
Emergence of business intelligence, CRM, collaboration tools has multiplied the internal information available, and the emphasis on it
Many organisations rely very heavly on intangible information, held by employees (the wealth manager who knows his customer inside-out, etc.)
Difficult access to information
Internal information (customer names, partner companies, suppliers) is not matched with the external information available (biographies, company profiles, news)
Open external information Risk conscious
Regulator‘s requirements and risk management policies ask for an intelligent exploitation of the external information available
Intangible information assets can be improved with access external information
IT is now capable of „connecting-the-dots“
Content aggregation is now a mature market, offering a global coverage, with structured data delivery and integration capabilities

The risk of not knowing Legal & compliance risk Cost of remedial actions «Top Management attention » cost Cost for rebuilding your brand

The back-hole: information security risk
External monitoring of:
Internet
Content providers
Consultants
Contractors
Employees
Access of classified information:
Industrial espionage
Cyber crime
Data on current / past investigations

Available IT solutions to support the intelligence effort

Corporate Intelligence is an integrated framework of information and technology Prevention -Undetectable Open Source Intelligence - Information Retention -Outsourcing of Investigation
Forensic
-Information Disclosure on Demand
Paper, Files, E-mails Archiving
Information Capturing and Forensic Services
Litigation -Lawsuit and Matter Management -Collaborative and Auditable Environment -Integration with forensic and prevention Corporate Intelligence Proactive Reactive

Preventive approach Industry Need Departments Typical risk General characteristics Specific characteristics Banking Know Your Customer Compliance Legal Anti Money Laundering International affairs Legal risk related fraud and financial crimes Reputational risk Access premium intelligence information Name matching performance with advanced linguistic and cultural capabilities Unlimited scalability (for screening up several millions records per day, names and/or transactions) Flexibility in rollout (from lap top big parallel server farms) Automatic maintenance for traceability of activities Anonymous search Access must-have AML sources (World-Check, Dow Jones) Customer On-boarding Advanced Automatic name matching Anonymous Search High risk industries Know Your Employees Partners Contractors Top management Security HR Internal fraud Legal risk Reputational risk Operational risk Data on-boarding Global information coverage Internal data integration Experience with military intelligence Law enforcement Attorneys Army Know Your Open Sources OSINT units Research departments Crime Terrorism Conflicts Global coverage Criminal records coverage Experience with military intelligence

Reactive approach
Litigation eDiscovery
Data collection
Analysis
Review
Forensic eDiscovery
Information management
Early Case Assesment

Global information flood is the main challenge Open available Sources 500‘000 Messages a day from 30‘000 news Papers, radio, tv
Official Sources:
Print- Media
TV-/Radio
Professional Providers
„ Internet“:
Blogs
Video-blogs
Wikis
OSINT based Systems „ Googles“ 70 % 30 % OSINT Files E-Mail Paper Scanning Hard Disks Corporate Information Corporate Intelligence HUMINT

High data volume search is not just search Enterprise Search is not just a search bar and results, but a complex and sophisticated accessing platform for unstructured data. Information Chain Management (ICM) paradigm as design doctrine of any Enterprise Search Best Practice roadmap. In its complexity ICM compares with the value chain in the oil industry: Relevant information sources are systematically researched, tapped (exploration) and refined in usable information (refinery) and efficiently distributed (exploitation).

Professional search technologies market landscape The size of the bubbles indicates the market share Autonomy acquired Verity in 2006 Fast acquired Convera in 2007 Microsoft acquired Fast in 2008 Features Low Strategy High High

Sofware tools and algorithms: name matching 91.17 ARTHUR HUBBARD HUBBARD BRIAN ARTHUR 90.47 WILLIAM STAUBINGER STAUBITZER WILLIAM 84.55 EMMANUEL OBBI BEN-OBAJE EMMANUEL OCHOLI 80.73 EMMANUEL OBBI MADUKA EMMANUEL OBI 93.29 GERHARD ZERMANN HERMANN GERHARD 90.28 SAMUEL ANDREAS OBBI ANDREAS SAMUEL 89.93 WILFRED PENNA PENA WILFREDO 84.71 WILFRED PENNA PENA CABUS WILFREDO 83.84 WILFRED PENNA PENA PENA WILFREDO GEOVANNI 87.89 KARL DAMPIERRE DAMPIER KARL 97.32 MOHAMMAD NURY NURRI MOHAMMAD 96.97 MOHAMMAD NURY MOHAMMAD NUR 85.06 LEO WALKER WALKER LEN 85.06 LEO WALKER WALKER LEE 85.10 VERONIKA SOUZA GONCALVES DE SOUZA VERONICA MARIA 81.50 VERONIKA SOUZA SANTOS SOUSA DA SILVA VERONICA 81.50 VERONIKA SOUZA SILVA DE SOUSA LAURENI VERONICA 87.07 FREDDY PEREIRA IBANEZ PEREIRA FREDDY JERONIMO 95.89 PETER SANTO SANDHU PETER 90.61 PETER SANTO SANTOS PETER 96.29 MOHAMMAD HAMDI MOHAMMAD HAMDI SADIQ AL-AHDAL MUHAMMAD 96.27 MOHAMMAD HAMDI AL TAHHAN MOHAMMAD HAMDI 96.27 MOHAMMAD HAMDI AL-TAHHAN MOHAMMAD HAMDI 95.77 MOHAMMAD HAMDI AL-AHDAL MOHAMMAD HAMDI SADIQ

Name matching: simple concept – complex application

The role of external content for effective intelligence and risk analysis We spent the last 50 years focusing on the T part of IT, now we should spend another 50 thinking about the I part.

New rules and the “pressure to know”... Rules Consequences FATF: recomendations and blacklists US-PATRIOT Act KYC, KYCC and transaction monitoring EU Anti-Money Laundering Directives National money laundering ordinances Anti-corruption initiatives Higher compliance costs Margin and efficiency reductions High reputational and legal risks High attention on corporate crime by public opinion Sanction risks Intangible reputational risks Higher financial complexity = higher risk of financial fraud Higher automation = less customer intimacy Criminals learn fast

Distribution of compliance incidents © Scalaris AG I I Cost of missing critical information Frequency Severity Small Minor Cases/Incidents Significant Cases/ Incidents Medium Cases/ Incidents Number/Type of required information

Emergence of a risk based governance & compliance

Information proliferation Internal Information Proliferation External information proliferation Identification Improvement of content gathering technologie Classification Paper content becomes digital Suspicious events Archive information will be more available analysts Financial situation Lower value of free content, often considered less trustful Monitoring & Archiving Exponential growth of content production and publishing

The information overload
500 billion web pages
7 million added per day
1 million per day going out of date
14 billion emails daily
45 million scientific articles growing at 5,000 per day
Insurance companies receive 35,000 letters per day in UK
Enterprise data is doubling every six months
Content is becoming a commodity
Subscription-based access is limited
Market consolidation
« Low but steady » growth

Reasons for not finding the right information

The garbage in / garbage out principle: Quality always matters Open web (5-10 % of available Information) Deep web (90- 95% of available Information) Google like search engines Fee-based providers Value-added providers Quantity Diversity Indipendence Quality Timeliness Accuracy Selected information High value Standard format Quality Timeliness Accuracy Regular update Full-text indexing Automated alerts Workflow Integration Confidentiality (thorough anonymisation techniques) Very low Precision & Recall No full text indexing Volatility No confidentiality Limited update Limited Search & Archive Cost Low confidentiality Cost Need of multiple providers

Principles around content selection Fee and value added news aggregators: companies that offer for a fee, general news content that is business –related and electronically-delivered International Content Local Content Local Language Market Content Indexing Local Account Mgmt. Technology Service Integration Personalisation Reliability Consistency Integrity (full text) Customer Service Dependability Consultancy

Principles around content selection Providers Evaluation criterias should include: Source Evaluation criteria should include: Coverage Archive historical depth Languages Local sources availability Exclusive sources Content structure (taxonomy) IT capabilities (indexing, abstracts, translation services, inforrmation relationships) Quality Authority Relevance Trust Timeliness Technical Delivery capability + cost of accessing the content + cost of elaboration & analysis + cost of access + cost of elaboration & analysis

Overview of content providers

Content providers market overview

Overlapping is not a crime Critical information requirement

Global and Local coverage

Perception (isn‘t) reality

Advantages of an intelligent information strategy
Research time reduction
Reduction of critical information gap
Legal, Compliance & Reputational cost reduction
Better distinction beetween perception and reality

The role of processes and people

Man, Process and Machine

Know Your Customers, Employees, Suppliers, Partners & Contractors How use Technology and Information to drive Compliance and Crime Due Diligence more effectively Claudio Foglini Senior Consultant – Intelligence Automation Solutions [email_address] Corporate Compliance Gulf Conference Dubai, 29 April 2009

Know Your Customers, Employees, Suppliers, Partners & Contractors: Cost / Employee Reputational / Legal / Operational Risk / Employee Human Based Analysis Required / Employee Machine Based Analysis Required / Employee External Information Required / Employee + - - - + + + + - - Know Your Employee – Process Example - Prevention Copyright Claudio Foglini

Know Your Customers, Employees, Suppliers, Partners & Contractors: Cost / Employee Reputational / Legal / Operational Risk / Employee Human Based Analysis Required / Employee Machine Based Analysis Required / Employee Information Required / Employee + - - - + + + + - - Know Your Employee – Process Example - Forensic Copyright Claudio Foglini

Scalaris Intelligence Automation Solutions: our capabilities AySEC Services Ltd. www.crimeduediligence.net
Technology
Open Source Intelligence Aumation
Secure and anonymous
Proprietary name matching algorithms
Autonomy IDOL - based Multi-lingual search engine
Scalable
False positive reduction
Consulting
OSINT and Due Diligence for Corporate, Financial and Military Industries
Next Generation KYC processes and tools
Expertise with global financial institutions and law enforcement agencies
Content
Best available content collections
Specialized content
Internal content integration
Information brokering
On-demand crime and customer due diligence
Research design
Research Execution
International network

Company check № Object . automatic .pro .master .premium .lux Registration information 1 .01 Company’s Name + + + + + 1.02 Document of juridical list + + + 1.03 Registration details + + + + 1.04 Company hisry from creation moment + + + + + 1.05 Company structure and organization + 1.06 Last changes in constituent documents + + + + 1.07 Major field of activity + + + + + 1.08 Decoding of economic activity + + + + 1.09 Licenses on kinds of activity (in case of existence) + + + 1.10 Affiliated organizations + + + 1.11 Existence of subsidiaries and representative companies + + + Location 2.01 Revelation of real location of counteragent + + 2.02 Work with company contact telephones + + + + 2.03 Company web-site research (date of creation, owner, etc.) + + + + p management 3.01 Direcr identification + + + + 3.02 p management (CEO, deputies, Board of direcrs, etc.) + + + 3.03 p Management Profiles (s. Person check) + Company financial performance 4.01 Extract of balance items + + + 4.02 Information about authorized capital sck + + + + 4.03 Revelation of major debrs and credir + 4.04 Short decoding of company assets + + + 4.05 Direction of product movements + + + 4.06 Company sender / recipient + + + 4.07 Commodity name + + + 4.08 Commodities quantity + + + 4.09 Manufacturer + + + Relations with business partners 5.01 Revelation and search of clients, suppliers + + + 5.02 Terms of collaboration with clients, suppliers + + + 5.03 Sums of last shipments and their purpose + + + 5.04 Debts suppliers, clients + + + 5.06 Unfulfilled obligations + + + 5.07 Recommendations + + Benchmarking 6.01 Market research and market share of checked company + 6.02 Activity results / Future plans + 6.03 Company strategy + 6.04 Research of company business processes + 6.05 Services and major advantages + 6.06 Competirs distinction + 6.07 Interviewing + Negative 7.01 Pronounced company and management negative information + + + + 7.02 Courts, arbitration proceeding, sanctions, penalties + + + + + 7.03 Management connections with organized criminal groups, criminal, administrative responsibility + + + 7.04 Presence in WorldCheck or PFA Factiva records + + + + + Mass media 8.01 Mass media review (Thomson-Reuter or LexisNexis) + + + + + 8.02 Mass media digest (cluster analysis) + + + + 8.03 Mass media analysis + Schemes 9.01 Scheme of affiliated persons interaction + + + 9.02 Scheme of company organizational structure (position, name, telephone) +

Crime Due Diligence : Person Check Person check № Rate « Persona » . automatic .pro .master .premium .lux identification 1.01 Time and place of birth + + + + + 1.02 Residence and nationality + + + + + Registration / Real estate 2.01 Information about previous residences + + + + 2.02 Real estate possession + + + + 2.03 Description of buildings and apartment according location + + + Phone numbers 3.01 Phones numbers on registration addresses (regions individually) + + + + 3.02 Phones numbers on work addresses + + + + 3.04 Other contact phones + Family status / relatives 4.01 Family status + + + + 4.02 Relatives connections revelations + + + 4.03 Relatives participation in business (shares in authorized capital sck) + + Person Profile 5.01 Job places revelation + + + + + 5.02 Employer short description + + + 5.03 Work period + + + 5.04 Position + + + + 5.06 Psychological portrait + Business 6.01 Share in authorized capital sck of company + + + + 6.02 C o-founder s + + 6.03 C o-founder s short description + Negative 7.01 Criminal, administrative responsibility + + + + + 7.02 Federal police search + + + 7.03 Connections with organized criminal groups + + + + + 7.04 Mentions in notes of arrested persons + + + 7.05 Participation in suits + + Mass media 7.06 Short mass media review + + + + + 7.07 Mass media digest (cluster analysis) + + + + 7.08 Mass media analysis + Schemes 8.01 Affiliated persons scheme + +

Conclusion
Precautionary principle should be applied, by orienting the choice wards the best possible information coverage
Content redundancies should be tolerated concentrate on the information gaps that hide high risk areas
IT infrastructures / applications can take responsability for full exploitation and dissemination of critical information
Complex search engines can perform federated searches and analyse / connect virtually all type of content
External information always has two sides
It can be a source to reduce risk
It can become the source of your problems
Humans always outperform machines
Technology and content help informed decision making

Thank you for your attention Claudio Foglini Senior Consultant [email_address] +41 79 383 1130

Know Your Customers, Employeers, Partners and Contractor

by Claudio Foglini

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 8

Statistics

Know Your Customers, Employeers, Partners and Contractor Presentation Transcript

http://www.slideshare.net	7
http://webcache.googleusercontent.com	1